On Mon, Sep 25, 2006 at 06:43:40AM -1000, Randy Bush wrote:
if we are lucky, this time next year, you will be able to verify an X.509 certificate chain with rfc 3779 resource extensions, and have significant confidence in rights to address and asn resources.
As I can understand, I can verify origin of prefix, prefix itself, but it can't authorize is that certain as-path legitimate or not. Like I can figure it out from routing registry DB. Isn't it?
the current work will provide a formally verifiable demonstration of ownership of address space.
wow... address ownership. thats kind of a new concept. last i checked, most RIRs deal with the concept of address stewardship. does that mean i can assert ownership of integers and the RIR system will back me up?
one first useful step for an isp is to use the x.509 data to verify ownership assertions in the irr when building filter lists, for example. randy
--bill